Measuring and Characterizing Propagation of Reuse RSA Certificates and Keys Across PKI Ecosystem

Bibliographic Details
Published in: IEEE/ACM Transactions on Networking, pp. 1-17
Main Authors: Nezhadian, Fatemeh; Branca, Enrico; Barzolevskaia, Anna; Natadze, Andrei; Stakhanova, Natalia
Format: Journal Article
Language: English
Published: IEEE 18-11-2024
Description
Summary: The insecurities of public-key infrastructure on the Internet have been the focus of research for over a decade. The extensive presence of broken, weak, and vulnerable cryptographic keys has been repeatedly emphasized by many studies. Analyzing the security implications of cryptographic keys' vulnerabilities, several studies noted the presence of public key reuse. While the phenomenon of private key sharing was extensively studied, the prevalence of public key sharing on the Internet remains largely unknown. In this work, we perform a large-scale analysis of public key reuse within the PKI ecosystem. We investigate the presence and distribution of duplicate X.509 certificates and reused RSA public keys across a large collection containing over 314 million certificates and over 13 million SSH keys collected by different sources at different times. We analyze the cryptographic weaknesses of duplicate certificates and reused keys and investigate the reasons and sources of reuse. Our results reveal that certificate and key sharing are common and persistent. Our findings show over 10 million certificates and 17 million public keys are reused across time and shared between our collections. We observe keys with non-compliant cryptographic elements stay available for an extended period of time.
ISSN: 1063-6692, 1558-2566
DOI: 10.1109/TNET.2024.3495617